[117865] in Cypherpunks
Hushmail attachments not encrypted
daemon@ATHENA.MIT.EDU (Anonymous)
Mon Sep 13 15:52:57 1999
Date: Mon, 13 Sep 1999 21:22:27 +0200 (CEST)
Message-Id: <199909131922.VAA27199@mail.replay.com>
From: Anonymous <nobody@replay.com>
To: cypherpunks@cyberpass.net
Reply-To: Anonymous <nobody@replay.com>
Hushmail says:
> --HushMail attachments coming soon!--
> Now that we have addressed the relevant security concerns, soon you
> will be able to send all your documents safely via HushMail! We have
> developed and will announce shortly an attachment process that will
> securely send your documents, records, presentations, photos, business
> plans and other files to any other HushMember using an SSL-based
> enhancement. Additionally, any text you send along with the attachment
> will take advantage of our full 1024-bit end-to-end encryption. All this
> makes HushMail the most secure Web-based email in the world. Stay tuned!
Sounds like attachments aren't encrypted, they're just sent via SSL.
That means that hushmail gets access to the plaintext of all attachments.
The messages themselves are end-to-end encrypted with ElGamal/Blowfish,
but not the attachments.
Anyone know why attachments can't be encrypted?